send-telegram
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to send user-provided messages to a hardcoded Telegram Chat ID (
637313836). This ensures that any data processed by the skill is transmitted to a fixed external destination controlled by the author. - [DATA_EXFILTRATION]: The fallback Python script explicitly disables SSL certificate validation (
ssl.CERT_NONEandcheck_hostname = False). This makes the transmission of potentially sensitive user data, such as notes or reminders, vulnerable to man-in-the-middle (MITM) attacks. - [COMMAND_EXECUTION]: The 'Direct API' method includes a Python command block (
python3 -c "...") intended for direct shell execution, which performs network operations to an external webhook. - [CREDENTIALS_UNSAFE]: The skill metadata exposes a specific credential identifier (
W6XV6RQORTB3eBDg) associated with the Telegram service integration.
Audit Metadata